Cast your mind back a few years and most businesses wouldn’t have even heard of a DDoS attack. Unfortunately, that’s no longer the case. If your business is using VoIP services your IT team will definitely be aware of DDoS attacks and the best DDoS attack prevention software.
In fact, in recent years, there has been an exponential increase in the number of these attacks – InfoSecurity Magazine reported earlier this year that there were 2.9 million DDoS attacks in Q1 of 2021 alone.
This constituted an increase of 31% over the same quarter in 2020. It’s clear that not only are these attacks on the increase, but that they are now a sophisticated activity that even constitute big business for the attackers that initiate them.
What is a DDoS attack?
DDoS stands for Distributed Denial of Service and it’s a malicious attempt to disrupt the normal internet traffic of a server, service or network. It does this by overwhelming the target or its surrounding infrastructure with a flood of additional internet traffic.
They are particularly effective when attacking multiple, compromised systems – these being computers or other networked resources such as Internet of Things (IoT) devices. Put another way, it’s a bit like a sudden traffic jam clogging up a main road and stopping all the oncoming vehicles from carrying on with their journeys.
The question is, why should you be worried about DDoS attacks and most importantly, how can you protect your business against them?
First and foremost, it’s worth noting that no business is completely immune to a DDoS attack. Even Amazon was the target of a DDOS attack not too long ago. And for so many small and medium sized businesses now using VoIP, the attack potential is even greater. Just look at these 3 UK VoIP providers that were hit over a three-day period.
The business implications are huge. DDoS attacks effectively stop your business from operating until the attack is identified and dealt with – this means lost productivity, an impact on your customer service, even lost sales. And then there’s the reputational factor too that can impact a business for months or years to come.
Nevertheless, there are measures your business can take to prevent attacks or, if you do get hit, deal with them quickly.
How do DDoS attacks work?
Before diving into how your business can protect itself from these attacks, it’s worth looking at how exactly they work.
A step-by-step way to understand a DDoS attack is as follows:
1. Internet protocol requests come from many different sources at the same time.
2. As a result, your server or network is overwhelmed and it becomes difficult to stop this flood of requests.
3. Blocking a single source will not stop the other requests from coming in and so your server or network continues to be flooded and cannot deal with legitimate traffic.
4. Your normal website visitors and employee users can’t access the systems and servers they need to and your business effectively can’t run.
From a more technical perspective, DDos attacks rely on your IT and communications infrastructure, which is probably defined by a number of ‘layers’, for example, the ‘network layer’ where data routing is decided or the ‘application layer’ where your employees actually interact with various devices and applications.
Types of DDoS attacks
DDoS attacks can take place at any of these layers. The most common types of DDoS attack are:
Application Layer Attacks
These attacks basically keep pinging the server with HTTP requests —something that’s very resource-intensive for the server as it has to load all of the files and database queries the website needs to display properly.
Volumetric Attacks
These attacks consume all available bandwidth on a network so no legitimate requests can be processed.
TCP Handshake/SYN Floods/IP Spoofing
This involves a series of incomplete protocol requests, typically using spoofed IP addresses.
Multi-Vector DDoS Attacks
Sometimes, an attacker may combine several DDoS attack methods to make their attack more effective and difficult to counter. They often target multiple layers of the network in order to increase disruption.
How to identify and confirm DDoS attacks
It’s important to know that the act of identifying and confirming a DDoS attack is imperative for your business. Some signs of a DDoS attack may be completely innocent, in which case you don’t want to waste valuable resource tackling a problem that doesn’t exist.
On the flip side however, a genuine attack can lead to long periods of downtime and lost revenue, so the quicker you can identify and confirm it, the quicker you can deal with it and get your business back up and running.
The signs of a DDoS attack are:
- Suspicious amounts of traffic originating from a single IP address or IP range.
- A flood of traffic from users who share a single behavioural profile, such as device type, geolocation, or web browser version.
- An unexplained surge in requests to a single page or endpoint.
- Odd traffic patterns such as spikes at odd hours of the day or patterns that appear to be unnatural, e.g. a spike every 10 minutes.
Traffic analytics tools such as Loggly can help you identify some of these signs. You simply need to log in to your web hosting account and open your ‘Cpanel’. Find your Logs section and select Bandwidth.
A normal bandwidth chart for the last 24 hours should show a relatively constant line, with the exception of a few small spikes. However, a recent spike in bandwidth that remains high over an hour or more is a clear indication that you’re facing a DDoS attack against your server.
If you think you’ve identified and confirmed a DDoS attack, it’s imperative that you act fast. Read on to find out exactly how to do this.
Quick wins for stopping a DDoS attack
First and foremost, you need to deal with the attack. You can do this by contacting your web hosting provider and having them immediately block all incoming protocol requests. This will instantly relieve the demand on your server and will give you time to reroute traffic and deal with the attack itself.
Of course, the best option is to prevent DDoS attacks from hitting your business in the first place. Luckily, there are a number of quick wins you can deploy to do this, both in your IT department and across the rest of your business.
Ensure all teams are trained in basic network security
The most fundamental thing you can do to prevent DDoS attacks is to allow as little user error as possible. Training your teams on strong security practices is your first line of defence and will keep your networks from being compromised.
Practices you should train your teams on include creating complex passwords, identifying phishing attacks and spotting the signs of cybersecurity threats in general.
Understand the warning signs
Some symptoms of a DDoS attack could turn out to be harmless – these include network slowdown, intermittent connectivity and the occasional website shutdown. If performance issues persist and your log activities show the signs outlined above, then your company needs to take action. It’s every employee’s responsibility to look out for these tell-tale signs and report them as soon as possible.
Deploy firewalls for more sophisticated attacks
For more advanced threats and attacks, a good practice is to use a Web Application Firewall (WAF) against attacks. Depending on your business, you can also easily create customised mitigations against illegitimate requests.
Some firewall applications even allow you to study traffic and create these mitigations based on patterns you might be seeing.
Technical measures to prevent a DDoS attack
Research by Cloudflare has shown that the average cost of infrastructure failure to a business is $100,000 (£75,000) per hour. So any investment in a more advanced cybersecurity set-up is bound to be worth the money.
A number of service providers exist to support with more technical measures and you should take the time to review these and assess which is right for your business.
Here are some more general guidelines you should follow when implementing these technical measures.
✔ Create a DDoS attack response plan.
If the last year or so has taught us anything, it’s that all businesses should have a business continuity plan in place, and that includes a DDoS attack response plan. Your plan should document how you intend on sustaining business operations if a DDoS attack is successful, any technical competencies and expertise that will be necessary, and a systems checklist to ensure that your assets have advanced threat detection.
It should also outline an incident response team to handle the attack, notify key stakeholders and ensure communication throughout the organization.
✔ Secure your infrastructure with DDoS attack prevention solutions
Equip your network, applications and infrastructure with multi-level DDoS protection strategies. This could include firewalls, VPN, anti-spam, content filtering and other security layers to monitor activities and identity traffic inconsistencies that are consistent with the signs of a DDoS attack.
✔ Make sure your systems are up-to-date
Outdated systems are often the ones with the most loopholes that can be exploited by attackers and hackers. You should also make sure your systems are up-to-date by regularly patching your infrastructure and installing new software versions.
✔ Explore cloud-based solutions
Cloud-based solutions can be highly efficient and cost-effective for small and medium-sized businesses. They also offer additional levels of security that can help protect your assets and network from DDoS attacks. These include threat monitoring software, network redundancy, data backup options and much more. The cloud also has bigger bandwidth capabilities so it is less likely to fail if under pressure from a DDoS attack.
✔ Make use of online resources
Whilst the web can often seem like a dark place, it’s also full of great technical resources to help protect your business. This Digital Attack Map is a great place to keep an eye on worldwide attacks – it even lists what sort of attack they are and recent attacks that are worth noting.
With attacks on the rise and hackers becoming more and more sophisticated in their approaches, there’s never been a better time to review your business approach to cybersecurity and to take vital steps to protecting your assets and your data.
The truth is that no solution will ever be 100% effective, but with some simple measures, your employees can be more equipped to avoid malicious DDoS attacks and your IT team more confident in its ability to prevent attacks in the first place.
Read next
Is your business future-proofed against DDoS attacks? Make sure it is with out guide to the best DDoS protection providers and read our article on Cloudflare’s DDoS Glossary and other resources to be fully equipped.